Live Features of Netcat tool.

Getting the most out of this Swiss army knife takes patience: I had to test every option myself and put each one through an acid test. Rather than let others go through the same, this post shows the true picture of netcat.

Netcat is a networking utility for reading from and writing to network connections using TCP or UDP. It is designed to be a dependable "back-end" tool that can be used directly or driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can create almost any kind of connection one would need and has a number of built-in capabilities.

The common Netcat switches are as follows:

Command              Description
nc -d                Detach Netcat from the console.
nc -l -p [port]      Create a simple listening TCP port; adding -u puts it in UDP mode.
nc -e [program]      Redirect the stdin/stdout of a program to the connection.
nc -z                Zero-I/O mode, used for port scanning.
nc -g or nc -G       Specify source-routing flags.
nc -t                Answer Telnet option negotiation.
nc -w [timeout]      Set a timeout after which Netcat quits automatically.
nc -v                Put Netcat into verbose mode.

Features of Netcat:

  • Outbound or inbound connections, TCP or UDP, to or from any ports
  • Full DNS forward/reverse checking, with appropriate warnings
  • Ability to use any local source port
  • Ability to use any locally-configured network source address
  • Built-in port-scanning capabilities, with randomization
  • Built-in loose source-routing capability
  • Can read command line arguments from standard input
  • Slow-send mode, one line every N seconds
  • Hex dump of transmitted and received data
  • Optional ability to let another program service established connections
  • Optional telnet-options responder
  • Featured tunneling mode which also allows special tunneling, such as UDP to TCP, with the possibility of specifying all network parameters (source port/interface, listening port/interface, and the remote host allowed to connect to the tunnel).

Netcat Examples:

  • Opening a raw connection to port 25 (like telnet):

    nc mail.server.net 25

  • Setting up a one-shot webserver on port 8080 to present a file:

    ( printf 'HTTP/1.0 200 OK\r\n\r\n'; cat some.file ) | nc -q 1 -l -p 8080

    The file can then be accessed with a web browser at http://servername:8080/. Netcat serves the file only once, to the first client that connects, and then exits. The empty line after the status line is what terminates the HTTP headers, so it must be present.
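    As an added example (not from the original post), the same one-shot server written as shell functions that emit a complete HTTP/1.0 response with a Content-Length header, so the browser knows where the body ends and does not wait on the closed socket. The function names are mine; nc is assumed to be a netcat variant that understands -q, as in the command above.

```sh
#!/bin/sh
# Added example, not part of the original post. Serves one file once over
# netcat with a well-formed HTTP/1.0 response.

# http_response FILE
#   Print a status line, minimal headers and the file body to stdout.
#   Returns 1 (and prints nothing on stdout) if FILE does not exist.
http_response() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Byte count of the body; tr strips the padding some wc versions print.
    length=$(wc -c < "$file" | tr -d ' ')
    printf 'HTTP/1.0 200 OK\r\n'
    # Generic type: `file --mime-type` is not available everywhere.
    printf 'Content-Type: application/octet-stream\r\n'
    printf 'Content-Length: %s\r\n' "$length"
    printf 'Connection: close\r\n'
    printf '\r\n'                      # empty line terminates the headers
    cat "$file"
}

# serve_once FILE PORT
#   Hand the response to a single listening netcat; -q 1 lets nc finish
#   sending the body after stdin closes, then exit.
serve_once() {
    http_response "$1" | nc -q 1 -l -p "$2"
}

# Usage: serve_once some.file 8080
```

    Run it as `serve_once some.file 8080` and fetch http://servername:8080/ once; a second client will find the port closed, exactly like the one-liner above.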

  • Checking whether UDP ports (-u) 80-90 are open on 192.168.0.1 using zero-I/O mode (-z):

    nc -vzu 192.168.0.1 80-90

  • Piping a message via UDP (-u) with a wait time (-w) of 1 second to 'loggerhost' on port 514:

    echo '<0>message' | nc -w 1 -u loggerhost 514

  • Portscanning:

    A less common use of netcat is port scanning. Netcat is not the best tool for this job, but it can be sufficient (Nmap is the more advanced tool).

    nc -v -n -z -w 1 192.168.1.2 1-1000

    The "-n" parameter prevents DNS lookups, "-z" puts nc in zero-I/O mode so it exchanges no data with the server, and "-w 1" makes each connection time out after 1 second of inactivity.

  • Proxying

    Another useful behavior is using netcat as a proxy. Both ports and hosts can be redirected. Look at this example:

    nc -l -p 12345 | nc www.google.com 80

    Port 12345 is where requests arrive. This starts an nc listener on port 12345 and forwards every connection to www.google.com:80. If a web browser sends a request to nc, the request reaches Google, but the response is not sent back to the browser, because shell pipes are unidirectional. This can be worked around with a named pipe that carries the return path.

    mkfifo backpipe
    nc -l -p 12345 0<backpipe | nc www.google.com 80 1>backpipe

    On Linux, the "-c" option can also be used instead of the named pipe:

    nc -l -p 12345 -c 'nc www.google.com 80'

  • Making any process a server:

    On a computer A with IP 192.168.1.2:

    nc -l -p 1234 -e /bin/bash


    The "-e" option spawns the executable with its standard input and output redirected over the network socket. Note that anyone who can reach port 1234 then talks to that program directly, with no authentication, so such listeners are worth watching for on your own hosts.
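    From the defender's side, the feature just described is also easy to spot: a netcat variant started with -e or -c has its stdio wired to another program. The following is an added example (not from the original post) that scans `ps -eo pid=,args=` output for exactly that. The sample process lines are constructed for the example, and the function names are mine.

```sh
#!/bin/sh
# Added example, not part of the original post. Flags netcat processes that
# were started with -e or -c (stdio handed to another program) from ps output.

# Constructed sample of `ps -eo pid=,args=` output (not real process data).
SAMPLE_PS='  812 /usr/sbin/sshd -D
 1201 nc -l -p 1234 -e /bin/bash
 1305 /bin/nc.traditional -l -p 12345 -c nc www.example.com 80
 1400 nc -vzu 192.168.0.1 80-90
 1502 bash -c echo -e hello'

# flag_nc_exec
#   Read "PID ARGS..." lines on stdin; print "PID PROGRAM" for every netcat
#   variant whose arguments contain -e or -c (alone or in a flag cluster).
flag_nc_exec() {
    awk '
        {
            pid  = $1
            prog = $2; sub(/.*\//, "", prog)      # basename of argv[0]
            # Only netcat binaries are of interest; "bash -c" etc. are skipped.
            if (prog !~ /^(nc|netcat|ncat|nc\.traditional|nc\.openbsd)$/) next
            for (i = 3; i <= NF; i++) {
                # "-e", "-c", or a short-option cluster containing e or c.
                if ($i ~ /^-[a-zA-Z]*[ec][a-zA-Z]*$/) {
                    print pid, prog
                    break
                }
            }
        }'
}

# check_sample: run the detector over the constructed sample.
check_sample() {
    printf '%s\n' "$SAMPLE_PS" | flag_nc_exec
}

# check_live: run the detector over the processes on this host.
check_live() {
    ps -eo pid=,args= | flag_nc_exec
}
```

    On the constructed sample, `check_sample` reports PIDs 1201 and 1305 and stays quiet about the port scan in 1400 and the unrelated `bash -c` in 1502; `check_live` applies the same logic to the running system.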


3 Responses to Live Features of Netcat tool.

  1. Pingback: Tweets that mention Live Features of Netcat tool. | CISSP Fix -- Topsy.com

  2. After searching Ask I found your site about Live Features of Netcat tool. | CISSP Fix . I think both are good and I will be coming back to you and them in the future. Thanks

  3. I have been looking around for this kind of information. Will you post some more in future? I'll be grateful if you will.
